Security flaw in Whatsapp; Israel firm on radar for installing spyware in mobile phones

Facebook-owned Whatsapp on Monday encouraged its 1.5 billion users to update their apps as a precautionary measure after an Israeli firm was accused of installing surveillance software on mobile phones through the messaging application.

The New York Times reported on Monday that the Israeli firm accused of supplying tools for spying on human-rights activists and journalists now faces claims that its technology can use a security hole in WhatsApp, to break into the digital communications of iPhone and Android phone users.

The spyware designed to take advantage of the WhatsApp flaw, without any user intervention through in-app voice calls, was built by Israel-based the NSO Group.

"WhatsApp encourages people to upgrade to the latest version of our app, as well as keep their mobile operating system up to date, to protect against potential targeted exploits designed to compromise information stored on mobile devices," the company said in a statement.

Company officials told The New York Times that the malware was designed to target multiple targets including, a London-based lawyer, who has been involved in lawsuits that accuse NSO Group of providing tools to hack the phones of Omar Abdulaziz, a Saudi dissident in Canada; a Qatari citizen; and a group of Mexican journalists and activists, and many others.

WhatsApp learned from a Canada-based software developer Citizen Lab that the vulnerability had been used to target the lawyer.

Attackers could use the vulnerability to insert malicious code and steal data from an Android phone or an iPhone simply by placing a WhatsApp call, even if the victim did not pick up the call, the company said.

The company added it had alerted the Justice Department and other human-rights organisations about the threat.

The WhatsApp flaw was first reported on Monday by The Financial Times.

According to The New York Times, the products of the NSO Group, which operated in secret for years, were found in 2016 as part of a spying campaign on the iPhone of a now-jailed human-rights activist in the United Arab Emirates through undisclosed Apple security vulnerabilities. Since then, the NSO Group's spyware has been found on the iPhones of journalists, dissidents and nutritionists.

Meanwhile, the NSO Group said in a statement on Monday that its spyware was strictly licensed to government agencies and that it would investigate any "credible allegations of misuse."

The company added it would not be involved in identifying a target for its technology, including the lawyer amid reports about the latest accusations.